CN101202756B - Method and apparatus of message processing - Google Patents
Method and apparatus of message processing Download PDFInfo
- Publication number
- CN101202756B CN101202756B CN2007103019353A CN200710301935A CN101202756B CN 101202756 B CN101202756 B CN 101202756B CN 2007103019353 A CN2007103019353 A CN 2007103019353A CN 200710301935 A CN200710301935 A CN 200710301935A CN 101202756 B CN101202756 B CN 101202756B
- Authority
- CN
- China
- Prior art keywords
- message
- business board
- master cpu
- sends
- interface
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/40—Bus networks
- H04L12/407—Bus networks with decentralised control
- H04L12/413—Bus networks with decentralised control with random access, e.g. carrier-sense multiple-access with collision detection (CSMA-CD)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
Abstract
The invention discloses a message processing method applied in a high-performance scalable flow processing system framework. The firewall function of a service plate carries through security processing on the message received from an external device and then transmits the message to a main control CPU; simultaneously, as the message is transmitted to the external device by the main control CPU, the firewall function of the service plate also carries through processing on the message before being transmitted to the external device. The invention discloses a message processing device which is applied in the high-performance scalable flow processing system framework and includes an interface unit, at least one service plate and a main control CPU. By adopting the invention and utilizing the high performance and scalable characteristic of a new framework, in a large-flow high-speed network, firstly, the firewall function of the service plate carries through security processing and then the message is transmitted to the main control CPU. The main control CPU can be similar to the device at the back surfaces of other firewalls and get protection from the firewall, thereby effectively protecting the security of the main control CPU of the device.
Description
Technical field
The present invention relates to communication technical field, relate in particular to a kind of message processing method and equipment.
Background technology
Along with development of internet technology, after particularly ten thousand mbit ethernets are released, more and more higher to the handling property requirement of Network Security Device L4-L7 layer.For this reason, but proposed a kind of high-performance extended flow treatment system framework at present, its structure as shown in Figure 1.How guaranteeing the safety of master cpu on this framework, avoid master cpu safety means paralysis and then the safety that jeopardizes internal network of causing under attack, is present problem demanding prompt solution.
In the master cpu general message transmitting-receiving scheme of existing switch or router, the message of receiving for each interface on the master control borad, handle according to the message that this plate receives, interface is received the master cpu of directly this message being issued this plate behind the message by the interface processing unit, and the message that master cpu outwards sends can directly send through the master control borad interface.
But in high-performance extended flow treatment system framework, also can adopt above-mentioned existing scheme to realize master cpu communication from common router or switch technology.The characteristics of this method are to realize simply, and the handling property that message receives and sends is higher.When being applied to safety product, during high-end safety product in particularly present 10,000,000,000 networks of popularizing gradually, the problem of its existence is: master cpu may impact in the face of big flow high-speed attacks message.Therefore the prior art scheme is difficult to guarantee the safety of master cpu self, so but need to consider redesign master cpu packet sending and receiving technical scheme in this new high-performance extended flow treatment system framework.
Summary of the invention
The invention provides a kind of message processing method, but be applied in the high-performance extended flow treatment system framework, but be used to improve the security performance of high-performance extended flow treatment system framework.
For achieving the above object, the invention provides a kind of message processing method, but be applied to may further comprise the steps in the high-performance extended flow treatment system framework:
Interface receives the message that external equipment sends to master cpu, described message is sent to business board carry out sending to the master cpu processing after safety service is handled; Wherein, described business board carries out the safety service processing and comprises: quicken and controlled function by the stream on the described business board, described message is carried out safety service handle, to filter the attack message that wherein may comprise;
The returned packet of described master cpu after with described processing sends to described business board, sends to described external equipment by interface after described business board is handled.
Wherein, when sending to the master cpu processing after described business board is handled described message, also comprise:
Described business board is notified each interface and/or described master cpu, shows that the returned packet of described message and correspondence is handled by described business board; The mode of described notice comprises:
Described business board sends the stream table to described each interface and/or described master cpu, shows that the returned packet of described message and correspondence is handled by described business board; And/or
Described business board directly is kept at the growth data district of the message that sends to described master cpu with the related content of indicating self business board, shows that described message and corresponding returned packet handled by described business board.
Wherein, the returned packet of described master cpu after with described processing sends to described business board and is specially:
Described master cpu is searched the stream table of described each interface, obtains described returned packet corresponding service plate, and the returned packet after the described processing is sent to described business board; Or
Described master cpu is searched the stream table that described business board sends, and obtains described returned packet corresponding service plate, and the returned packet after the described processing is sent to described business board; Or
The relevant information of business board is obtained described returned packet corresponding service plate in the growth data district of the message that described master cpu parsing receives, and the returned packet after the described processing is sent to described business board.
Embodiments of the invention also provide a kind of message processing method, but are applied to may further comprise the steps in the high-performance extended flow treatment system framework:
When master cpu sends message to external equipment, described message is sent to after business board handles, send to described external equipment through interface;
Described interface receives the message that described external equipment returns to master cpu, described message after handling, described business board is sent to master cpu, wherein, described message handled through described business board comprise: quicken and controlled function by the stream on the described business board, described message is carried out safety service handle, to filter the attack message that wherein may comprise.
Wherein, described described message is sent to after business board handles, also comprises:
Described business board is notified each interface, shows that the returned packet of described message and correspondence is handled by described business board; The mode of described notice is specially:
Described business board sends the stream table to described each interface, shows that the returned packet of described message and correspondence is handled by described business board.
Wherein, described interface receives the message that described external equipment returns to master cpu, described message is sent to master cpu be specially after described business board is handled:
The stream table that described interface sends according to described business board sends to the described returned packet that receives from external equipment and sends to master cpu after described business board is handled.
The present invention also provides a kind of message handling system, but is applied to comprise in the high-performance extended flow treatment system framework:
Interface unit is used to receive the message that external equipment sends to master cpu, and described message is sent to business board; And the returned packet that described business board is handled sends to described external equipment;
At least one business board is used for the message that described interface unit sends is carried out sending to master cpu after safety service is handled; And send to described interface unit after the returned packet processing with described master cpu transmission; Wherein, described business board carries out the safety service processing and comprises: quicken and controlled function by the stream on the described business board, described message is carried out safety service handle, to filter the attack message that wherein may comprise;
Master cpu is used for handling the returned packet that message that described business board sends obtains and sends to described business board, sends to described external equipment by interface after described business board is handled.
Wherein, described business board comprises:
Stream table transmitting element is used for sending the stream table to each interface and/or described master cpu, shows that the returned packet of described message and correspondence is handled by described business board; And/or
Identify transmitting element, be used for the related content of indicating self business board directly is kept at the growth data district of the message that sends to described master cpu.
Wherein, described master cpu comprises:
The business board acquiring unit is used for by the following method one or more and obtains the business board that receives returned packet:
Search the stream table of each interface, obtain described returned packet corresponding service plate; Or
Search the stream table that described business board sends, obtain described returned packet corresponding service plate; Or
The relevant information of business board in the growth data district of the message that parsing receives is obtained described returned packet corresponding service plate.
The present invention also provides a kind of message handling system, but is applied to comprise in the high-performance extended flow treatment system framework:
Master cpu is used for described message being sent to business board handling when external equipment sends message; And receive the returned packet that described business board sends;
At least one business board is used for the message that receives from master cpu is handled after interface sends to described external equipment; And send to described master cpu after the returned packet processing with described interface transmission, wherein, the returned packet that described interface is sent is handled and is comprised: quicken and controlled function by stream, described message is carried out safety service handle, to filter the attack message that wherein may comprise;
Interface is used for the message after the described business board processing is sent to external equipment; And the message that the described external equipment that will receive returns to master cpu sends to described business board.
Wherein, described business board comprises:
Stream table transmitting element is used for sending the stream table to each interface, shows that the returned packet of described message and correspondence is handled by described business board.
Wherein, described interface comprises:
The business board transmitting element when being used to receive the message of external equipment transmission, according to the stream table that described business board sends, obtains the purpose business board that sends described returned packet.
Compared with prior art, the present invention has the following advantages:
By said method provided by the invention; the high-performance and the extendible characteristics of new architecture have been utilized; in big flow express network; at first the firewall functionality by business board carries out again message being passed to master cpu after the safe handling; master cpu can with the equipment class of other fire compartment wall back seemingly; obtain the protection of fire compartment wall, thereby effectively protected the safety of equipment master cpu.
Description of drawings
But Fig. 1 is the schematic diagram of a kind of high-performance extended flow treatment system framework in the prior art;
Fig. 2 is the principle schematic of a kind of message processing method among the present invention;
Fig. 3 is the message flow processing method that slave unit sends to master cpu outward among the present invention;
Fig. 4 is the message flow processing method that is sent to external equipment among the present invention by master cpu.
Embodiment
A kind of message processing method has been proposed among the present invention, but be applied in the high-performance extended flow treatment system framework, its core concept is: after by the firewall functionality of business board the message that receives from external equipment being carried out safe handling, again message is sent to master cpu; The message that sends to external equipment for master cpu is being handled earlier by the firewall functionality of business board before external equipment sends too equally.The schematic diagram of this principle as shown in Figure 2.Make master cpu equally obtain the protection of fire compartment wall, thereby effectively protect the safety of safety means master cpu self with the equipment of other fire compartment wall back.
Below in conjunction with concrete application scenarios, the embodiment of a kind of message processing method of the present invention is described.
(1) sends to the message flow of master cpu outward for slave unit, processing method as shown in Figure 3, in this flow process, the message flow that sends to master cpu with external equipment is the forward message flow, the message flow that master cpu sends to external equipment is reverse message flow, comprises the steps:
Step s301, master control borad interface are received the forward message flow that sends to master cpu from external equipment.
Step s302, with this forward message flow send to comprise stream control unit and stream accelerator module business board.
In this step,, not directly to issue master cpu, but this message flow is sent to stream control unit and the business board that flows the accelerator module place by linkage unit, suppose that here this business board is M for the forward message flow that receives.For the method for selecting specific business board M in a plurality of business boards, comprehensively the factors such as load balancing of each business board are selected.
Step s303, the forward message flow after business board handled send to master cpu and handle.
In this step, the forward message flow is finished all safety service processing through overcurrent acceleration and control unit on business board M, to filter the attack message that wherein may comprise, by linkage unit normal message is issued master cpu again and handle.Detection and filter method for different attack messages in this safety service handling process can be configured according to actual operating position.
After step s304, master cpu are handled this message flow, send the reverse message flow of this forward message flow.
Step s305, with this reverse message flow send to comprise stream control unit and stream accelerator module business board.
In this step, reverse message flow for the master cpu transmission, also no longer be directly to send, but the business board M of the reverse forward message flow of being correlated with of bar was therewith handled in same this reverse message flow is issued, and made regular traffic by business board M and handle by interface.
Step s306, the reverse message flow after business board handled send to external equipment by linkage unit and interface.
(2) be the situation that sends to external equipment by master cpu for message flow, processing method as shown in Figure 4, in this flow process, the message flow that sends to external equipment with master cpu is the forward message flow, the message flow that external equipment sends to master cpu is reverse message flow, comprises the steps:
Step s401, master cpu send the forward message flow to external equipment.
Step s402, with this forward message flow send to comprise stream control unit and stream accelerator module business board.
In this step, be not directly to send to external equipment in this forward message flow, but select certain business board, this forward message flow is issued business board M carry out the regular traffic processing by the master control borad interface from master cpu.Here suppose that this business board is M.For the method for selecting specific business board M in a plurality of business boards, comprehensively the factors such as load balancing of each business board are selected.
Step s403, the forward message flow after business board handled send to external equipment by linkage unit and interface.
Step s404, master control borad interface are received the reverse message flow of responding this forward message flow.
Step s405, with this reverse message flow send to comprise stream control unit and stream accelerator module business board.
In this step,, not directly to issue master cpu, but this message flow is sent to the business board M that handled the forward message flow relevant with this reverse message flow by linkage unit for the reverse message flow that receives.
Step s406, the reverse message flow after business board handled send to master cpu.
In this step, oppositely message flow is finished all safety service processing through overcurrent acceleration and control unit on business board M, to filter the attack message that wherein may comprise, by linkage unit normal message is issued master cpu again and handles.Detection and filter method for different attack messages in this safety service handling process can be configured according to actual operating position.
In above-mentioned Fig. 3 and flow process shown in Figure 4, can find, but when high-performance extended flow treatment system framework adopts technical scheme of the present invention, satisfy the requirement that forward and reverse message of the stream of this framework requirement must be handled on same business board.In order to realize this requirement, need the foundation stream table mechanism relevant with interface, pretreatment unit and master cpu.About being described in detail as follows of stream table mechanism:
The external equipment of message flow issue master cpu from to(for) above-mentioned situation () is the situation of forward message flow:
Can send the stream table to interface and pretreatment unit finish the Business Processing of positive flow at business board M after, stream table content shows that the forward message of this stream and corresponding reverse message should give business board M and handle.Business board M sends to master cpu with the forward message then.
After master cpu has been handled this forward message flow, when sending reverse message flow, message need be sent to business board M and handle, can guarantee by the following method reverse message flow is sent to business board M:
(1) master cpu is searched the stream table at interface and pretreatment unit place, obtains this reverse message flow corresponding service plate M; Or
(2) business board M equally also sends a stream table to master cpu when sending the stream table to interface and pretreatment unit, and master cpu is preserved this stream table.When needs sent reverse message flow, master cpu can obtain this reverse message flow corresponding service plate M by the stream table of searching preservation; Or
(3) business board M directly is kept at the part correlation content of sign own service plate in the stream table in the growth data district of the forward message flow that sends to master cpu.Master cpu does not need to preserve when needs send reverse message flow and inquiry stream table, only needs to resolve the relevant information of corresponding business board in the growth data district of forward message flow, can obtain this reverse message flow corresponding service plate M.
The master cpu of message flow issue external equipment from to(for) above-mentioned situation (two) is the situation of forward message flow:
Owing to be that master cpu at first sends, therefore the stream table of being set up by business board M is empty at this moment, master cpu can be according to business board M of certain algorithm picks under searching less than the situation of stream list item, and after the forward message flow given business board M and handle, business board M can issue forward and reverse stream table to the interface pretreatment unit.
After interface was received the reverse message of stream, the interface pretreatment unit can be handled by the correct business board M that gives from the reverse flow that external equipment receives according to the reverse flow table.Business board M finishes the reverse flow message and gives master cpu with message after safety service is handled.After master cpu has been handled this reverse message, can obtain corresponding service plate M according to stream table content according to any method in (1) in the above-mentioned situation ()~(3) when sending the forward message once more, give business board M with the forward message and handle.
By said method provided by the invention; the high-performance and the extendible characteristics of new architecture have been utilized; in big flow express network; at first the firewall functionality by business board carries out again message being passed to master cpu after the safe handling; master cpu can with the equipment class of other fire compartment wall back seemingly; obtain the protection of fire compartment wall, thereby effectively protected the safety of equipment master cpu.
The present invention also provides a kind of message handling system, but is applied to comprise in the high-performance extended flow treatment system framework:
Interface unit is used to receive the message that external equipment sends to master cpu, and this message is sent to business board; And the returned packet that this business board is handled sends to external equipment;
At least one business board sends to master cpu after being used for the message that interface unit sends handled; And send to interface unit after the returned packet processing with the master cpu transmission;
Master cpu is used for the returned packet that the message that the plate of managing business sends obtains is sent to business board, sends to external equipment by interface after this business board is handled.
This business board comprises:
Stream table transmitting element is used for sending the stream table to each interface and/or master cpu, shows that the returned packet of this message and correspondence is handled by this business board;
Identify transmitting element, be used for the related content of indicating self business board directly is kept at the growth data district of the message that sends to master cpu.
This master cpu comprises:
The business board acquiring unit is used for by the following method one or more and obtains the business board that receives returned packet:
Search the stream table of described each interface, obtain returned packet corresponding service plate; Or
Search the stream table that described business board sends, obtain returned packet corresponding service plate; Or
The relevant information of business board in the growth data district of the message that parsing receives is obtained returned packet corresponding service plate.
The present invention also provides a kind of message handling system, but is applied to comprise in the high-performance extended flow treatment system framework:
Master cpu is used for message being sent to business board handling when external equipment sends message; And the returned packet of reception business board transmission;
At least one business board is used for the message that receives from master cpu is handled after interface sends to external equipment; And send to master cpu after the returned packet processing with the interface transmission;
Interface unit is used for the message after the described business board processing is sent to external equipment; And the message that the external equipment that receives returns to master cpu sent to business board.
This business board comprises:
Stream table transmitting element is used for sending the stream table to each interface, shows that the returned packet of described message and correspondence is handled by described business board.
This interface unit comprises:
The business board transmitting element when being used to receive the message of external equipment transmission, according to the stream table that described business board sends, obtains the purpose business board that sends described returned packet.
By said system provided by the invention; the high-performance and the extendible characteristics of new architecture have been utilized; in big flow express network; at first the firewall functionality by business board carries out again message being passed to master cpu after the safe handling; master cpu can with the equipment class of other fire compartment wall back seemingly; obtain the protection of fire compartment wall, thereby effectively protected the safety of equipment master cpu.
Through the above description of the embodiments, those skilled in the art can be well understood to the present invention and can realize by the mode that software adds essential general hardware platform, can certainly pass through hardware, but the former is better execution mode under a lot of situation.Based on such understanding, the part that technical scheme of the present invention contributes to prior art in essence in other words can embody with the form of software product, this computer software product is stored in the storage medium, comprises that some instructions are used so that an equipment is carried out the described method of each embodiment of the present invention.
More than disclosed only be several specific embodiment of the present invention, still, the present invention is not limited thereto, any those skilled in the art can think variation all should fall into protection scope of the present invention.
Claims (12)
1. message processing method, but be applied to it is characterized in that in the high-performance extended flow treatment system framework, may further comprise the steps:
Interface receives the message that external equipment sends to master cpu, described message is sent to business board carry out sending to the master cpu processing after safety service is handled; Wherein, described business board carries out the safety service processing and comprises: quicken and controlled function by the stream on the described business board, described message is carried out safety service handle, to filter the attack message that wherein may comprise;
The returned packet of described master cpu after with described processing sends to described business board, sends to described external equipment by interface after described business board is handled.
2. message processing method according to claim 1 is characterized in that, sends to master cpu after described business board is handled described message when handling, and also comprises:
Described business board is notified each interface and/or described master cpu, shows that the returned packet of described message and correspondence is handled by described business board; The mode of described notice comprises:
Described business board sends the stream table to described each interface and/or described master cpu, shows that the returned packet of described message and correspondence is handled by described business board; And/or
Described business board directly is kept at the growth data district of the message that sends to described master cpu with the related content of indicating self business board, shows that described message and corresponding returned packet handled by described business board.
3. as message processing method as described in the claim 2, it is characterized in that the returned packet of described master cpu after with described processing sends to described business board and be specially:
Described master cpu is searched the stream table of described each interface, obtains described returned packet corresponding service plate, and the returned packet after the described processing is sent to described business board; Or
Described master cpu is searched the stream table that described business board sends, and obtains described returned packet corresponding service plate, and the returned packet after the described processing is sent to described business board; Or
The relevant information of business board is obtained described returned packet corresponding service plate in the growth data district of the message that described master cpu parsing receives, and the returned packet after the described processing is sent to described business board.
4. message processing method, but be applied to it is characterized in that in the high-performance extended flow treatment system framework, may further comprise the steps:
When master cpu sends message to external equipment, described message is sent to after business board handles, send to described external equipment through interface;
Described interface receives the message that described external equipment returns to master cpu, described message after handling, described business board is sent to master cpu, wherein, described message handled through described business board comprise: quicken and controlled function by the stream on the described business board, described message is carried out safety service handle, to filter the attack message that wherein may comprise.
5. as message processing method as described in the claim 4, it is characterized in that, described message sent to after business board handles, also comprise:
Described business board is notified each interface, shows that the returned packet of described message and correspondence is handled by described business board; The mode of described notice is specially:
Described business board sends the stream table to described each interface, shows that the returned packet of described message and correspondence is handled by described business board.
6. as message processing method as described in the claim 5, it is characterized in that described interface receives the message that described external equipment returns to master cpu, described message sent to master cpu be specially after described business board is handled:
The stream table that described interface sends according to described business board sends to the described returned packet that receives from external equipment and sends to master cpu after described business board is handled.
7. message handling system, but be applied to it is characterized in that in the high-performance extended flow treatment system framework, comprising:
Interface unit is used to receive the message that external equipment sends to master cpu, and described message is sent to business board; And the returned packet that described business board is handled sends to described external equipment;
At least one business board is used for the message that described interface unit sends is carried out sending to master cpu after safety service is handled; And send to described interface unit after the returned packet processing with described master cpu transmission; Wherein, described business board carries out the safety service processing and comprises: quicken and controlled function by the stream on the described business board, described message is carried out safety service handle, to filter the attack message that wherein may comprise;
Master cpu is used for handling the returned packet that message that described business board sends obtains and sends to described business board, sends to described external equipment by interface after described business board is handled.
8. as message handling system as described in the claim 7, it is characterized in that described business board comprises:
Stream table transmitting element is used for sending the stream table to each interface and/or described master cpu, shows that the returned packet of described message and correspondence is handled by described business board; And/or
Identify transmitting element, be used for the related content of indicating self business board directly is kept at the growth data district of the message that sends to described master cpu.
9. as message handling system as described in the claim 7, it is characterized in that described master cpu comprises:
The business board acquiring unit is used for by the following method one or more and obtains the business board that receives returned packet:
Search the stream table of each interface, obtain described returned packet corresponding service plate; Or
Search the stream table that described business board sends, obtain described returned packet corresponding service plate; Or
The relevant information of business board in the growth data district of the message that parsing receives is obtained described returned packet corresponding service plate.
10. message handling system, but be applied to it is characterized in that in the high-performance extended flow treatment system framework, comprising:
Master cpu is used for described message being sent to business board handling when external equipment sends message; And receive the returned packet that described business board sends;
At least one business board is used for the message that receives from master cpu is handled after interface sends to described external equipment; And send to described master cpu after the returned packet processing with described interface transmission, wherein, the returned packet that described interface is sent is handled and is comprised: quicken and controlled function by stream, described message is carried out safety service handle, to filter the attack message that wherein may comprise;
Interface is used for the message after the described business board processing is sent to external equipment; And the message that the described external equipment that will receive returns to master cpu sends to described business board.
11., it is characterized in that described business board comprises as message handling system as described in the claim 10:
Stream table transmitting element is used for sending the stream table to each interface, shows that the returned packet of described message and correspondence is handled by described business board.
12., it is characterized in that described interface comprises as message handling system as described in the claim 10:
The business board transmitting element when being used to receive the message of external equipment transmission, according to the stream table that described business board sends, obtains the purpose business board that sends described returned packet.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007103019353A CN101202756B (en) | 2007-12-20 | 2007-12-20 | Method and apparatus of message processing |
| PCT/CN2008/071281 WO2009079933A1 (en) | 2007-12-20 | 2008-06-12 | Message processing method and device |
| US12/808,426 US8259740B2 (en) | 2007-12-20 | 2008-06-12 | Method and an apparatus for processing packets |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2007103019353A CN101202756B (en) | 2007-12-20 | 2007-12-20 | Method and apparatus of message processing |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101202756A CN101202756A (en) | 2008-06-18 |
| CN101202756B true CN101202756B (en) | 2011-02-02 |
Family
ID=39517717
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2007103019353A Active CN101202756B (en) | 2007-12-20 | 2007-12-20 | Method and apparatus of message processing |
Country Status (3)
| Country | Link |
|---|---|
| US (1) | US8259740B2 (en) |
| CN (1) | CN101202756B (en) |
| WO (1) | WO2009079933A1 (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101202756B (en) | 2007-12-20 | 2011-02-02 | 杭州华三通信技术有限公司 | Method and apparatus of message processing |
| CN101616025B (en) * | 2009-07-21 | 2011-07-06 | 杭州华三通信技术有限公司 | Method for determining active-standby of services on control panel and a device |
| CN102821036A (en) * | 2012-04-20 | 2012-12-12 | 杭州华三通信技术有限公司 | Method and device for achieving packet forwarding |
| CN103401773B (en) * | 2013-06-26 | 2017-04-19 | 杭州华三通信技术有限公司 | Method and network equipment realizing interboard communication |
| US9473394B1 (en) * | 2014-01-10 | 2016-10-18 | Juniper Networks, Inc. | Proactive flow table for virtual networks |
| US10855588B2 (en) * | 2018-12-21 | 2020-12-01 | Juniper Networks, Inc. | Facilitating flow symmetry for service chains in a computer network |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1677933A (en) * | 2004-04-01 | 2005-10-05 | 华为技术有限公司 | Method for controlling protocol message attack |
| CN1852172A (en) * | 2006-05-29 | 2006-10-25 | 杭州华为三康技术有限公司 | Data communication apparatus |
Family Cites Families (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5896499A (en) * | 1997-02-21 | 1999-04-20 | International Business Machines Corporation | Embedded security processor |
| DE19742330C1 (en) * | 1997-09-19 | 1998-10-29 | Siemens Ag | Firewall implementation for computer network |
| US6999454B1 (en) * | 2001-02-09 | 2006-02-14 | Nortel Networks Limited | Information routing system and apparatus |
| CN1152517C (en) * | 2002-04-23 | 2004-06-02 | 华为技术有限公司 | Method of guarding network attack |
| TW569575B (en) | 2002-04-30 | 2004-01-01 | Realtek Semiconductor Corp | Transmission setup method and device for multicast packet |
| US20030231649A1 (en) * | 2002-06-13 | 2003-12-18 | Awoseyi Paul A. | Dual purpose method and apparatus for performing network interface and security transactions |
| US20060015715A1 (en) * | 2004-07-16 | 2006-01-19 | Eric Anderson | Automatically protecting network service from network attack |
| US7546635B1 (en) * | 2004-08-11 | 2009-06-09 | Juniper Networks, Inc. | Stateful firewall protection for control plane traffic within a network device |
| CN100496017C (en) | 2004-10-28 | 2009-06-03 | 华为技术有限公司 | Method for assuring two-layer Ethernet exchanger data safety in city area transmission equipment |
| WO2006063052A1 (en) * | 2004-12-07 | 2006-06-15 | Nortel Networks Limited | Method and apparatus for network immunization |
| CN100414928C (en) * | 2005-03-08 | 2008-08-27 | 华为技术有限公司 | Method for preventing offence between inserted users |
| US7869442B1 (en) * | 2005-09-30 | 2011-01-11 | Nortel Networks Limited | Method and apparatus for specifying IP termination in a network element |
| KR100725910B1 (en) * | 2005-12-08 | 2007-06-11 | 홍상선 | Method for connecting safely with a network |
| CN100384158C (en) * | 2006-04-04 | 2008-04-23 | 华为技术有限公司 | Safety protecting method for digital user line cut-in multiplexing device |
| KR101206542B1 (en) * | 2006-12-18 | 2012-11-30 | 주식회사 엘지씨엔에스 | Apparatus and method of securing network of supporting detection and interception of dynamic attack based hardware |
| US8000329B2 (en) * | 2007-06-29 | 2011-08-16 | Alcatel Lucent | Open platform architecture for integrating multiple heterogeneous network functions |
| US7843914B2 (en) * | 2007-06-29 | 2010-11-30 | Alcatel-Lucent | Network system having an extensible forwarding plane |
| CN101202756B (en) * | 2007-12-20 | 2011-02-02 | 杭州华三通信技术有限公司 | Method and apparatus of message processing |
-
2007
- 2007-12-20 CN CN2007103019353A patent/CN101202756B/en active Active
-
2008
- 2008-06-12 US US12/808,426 patent/US8259740B2/en active Active
- 2008-06-12 WO PCT/CN2008/071281 patent/WO2009079933A1/en active Application Filing
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1677933A (en) * | 2004-04-01 | 2005-10-05 | 华为技术有限公司 | Method for controlling protocol message attack |
| CN1852172A (en) * | 2006-05-29 | 2006-10-25 | 杭州华为三康技术有限公司 | Data communication apparatus |
Non-Patent Citations (2)
| Title |
|---|
| 张琳,丁晓明.交换机中报文三层转发的分布式处理研究与实现.铁道通信信号42 12.2006,42(12),56-59. |
| 张琳,丁晓明.交换机中报文三层转发的分布式处理研究与实现.铁道通信信号42 12.2006,42(12),56-59. * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101202756A (en) | 2008-06-18 |
| US8259740B2 (en) | 2012-09-04 |
| WO2009079933A1 (en) | 2009-07-02 |
| US20100322239A1 (en) | 2010-12-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101202756B (en) | Method and apparatus of message processing | |
| EP3337123B1 (en) | Network attack prevention method, apparatus and system | |
| CN104468624B (en) | SDN controllers, routing/exchanging equipment and network defense method | |
| US11863570B2 (en) | Blockchain-based network security system and processing method | |
| US20120110633A1 (en) | Apparatus for sharing security information among network domains and method thereof | |
| CN101834875B (en) | Method, device and system for defending DDoS (Distributed Denial of Service) attacks | |
| CN106161335A (en) | A kind for the treatment of method and apparatus of network packet | |
| CN101299724A (en) | Method, system and equipment for cleaning traffic | |
| EP2161898A1 (en) | Method and system for defending DDoS attack | |
| CN105052087A (en) | Table items addressing method, switch, and controller based on flow table | |
| CN101635731A (en) | Method and equipment for defending MAC address deception attack | |
| CN101945117A (en) | Method and equipment for preventing source address spoofing attack | |
| CN101005412A (en) | Realizing method and system for preventing port loop detection message attack | |
| CN101605136B (en) | A method and an apparatus for Internet protocol security IPSec processing to packets | |
| CN101640823B (en) | Method and equipment for shunting multi-analysis system | |
| CN103812746A (en) | Bridging device based on linux operation system and communication method thereof | |
| CN105991588A (en) | ethod and apparatus for resisting message attack | |
| EP2940965B1 (en) | Time-locked network and nodes for exchanging secure data packets | |
| CN100550844C (en) | The method of reducing redirected message characteristic information | |
| CN104038494A (en) | Method for recording attack source and exchanger | |
| CN101997786B (en) | Efficient and safe heterogeneous media gateway | |
| CN111526124A (en) | Isolated communication system and method based on internal and external networks | |
| CN107113280A (en) | A kind of network control method and virtual switch | |
| US20100157806A1 (en) | Method for processing data packet load balancing and network equipment thereof | |
| US20080289004A1 (en) | Method and Module for Protecting Against Attacks in a High-Speed Network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address | ||
| CP03 | Change of name, title or address |
Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Patentee after: Xinhua three Technology Co., Ltd. Address before: 310053 Hangzhou hi tech Industrial Development Zone, Zhejiang province science and Technology Industrial Park, No. 310 and No. six road, HUAWEI, Hangzhou production base Patentee before: Huasan Communication Technology Co., Ltd. |